Cisco 806 Config
 




Forum Index -> alt.certification.cisco
Eddie Haskal
Guest
Posted: Fri Aug 08, 2003 1:15 am    Post subject: Cisco 806 Config

Can anyone tell me why I am unable to talk from the world to my ftp running
on port 21675? Here is my current config. Any help would be great... I have
8 hours into this router having never touched one before... Thanks!!

!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname "Cisco"
!
!
ip subnet-zero
!
ip dhcp pool crwstest
 origin ipcp
!
!
!
interface Ethernet0
 ip address 192.168.1.2 255.255.255.0
 ip nat inside
 ip dhcp relay information trusted
 no cdp enable
 hold-queue 32 in
 hold-queue 100 out
!
interface Ethernet1
 ip address dhcp client-id Ethernet1
 ip nat outside
 no cdp enable
!
ip nat inside source list 102 interface Ethernet1 overload
ip nat inside source static tcp 192.168.1.11 3389 interface Ethernet1 3389
ip classless
ip http server
!
!
access-list 23 permit 192.168.1.0 0.0.0.255
!
! Allow my Intranet to be able to talk to the world
!
access-list 100 permit ip any 192.168.1.0 0.0.0.255
! FTP Server initial setup - Incoming FTP request
!
access-list 100 permit tcp any gt 1023 host 192.168.1.11 eq 21675 log
!
! Data channel creation for incoming FTP request, passive mode
!
access-list 100 permit tcp any gt 1023 host 192.168.1.11 gt 1023 log
!
! FTP Server initial setup - Response to outgoing request
!
access-list 100 permit tcp any eq 21675 192.168.1.0 0.0.0.255 gt 1023 established log
!
! Data channel responses for outgoing FTP request, passive mode
!
access-list 100 permit tcp any gt 1023 192.168.1.0 0.0.0.255 gt 1023 established log
!
access-list 100 permit ip any any
!
! FTP Server initial setup - Response to incoming request
!
access-list 101 permit tcp host 192.168.1.11 eq 21675 any gt 1023 established log
!
! Data channel responses for incoming FTP request, passive mode
!
access-list 101 permit tcp host 192.168.1.11 gt 1023 any gt 1023 established log
!
! FTP Server initial setup - Outbound FTP request
!
access-list 101 permit tcp 192.168.1.0 0.0.0.255 gt 1023 any eq 21675 log
!
! Data channel creation for outgoing FTP request, passive mode
!
access-list 101 permit tcp 192.168.1.0 0.0.0.255 gt 1023 any gt 1023 log
!
!
access-list 101 permit ip any any
no cdp run
!
line con 0
 exec-timeout 120 0
 password 7
 login
 stopbits 1
line vty 0 4
 exec-timeout 120 0
 password 7
 login local
 length 0
!
scheduler max-task-time 5000
end

inf1n1ty
Guest
Posted: Fri Aug 08, 2003 2:03 am    Post subject: Re: Cisco 806 Config

I assume your terminal services works OK, correct?
Quote:
ip nat inside source static tcp 192.168.1.11 3389 interface Ethernet1 3389

Remember, access control lists (ACLs) allow or deny traffic. You still
need some sort of statement to map the traffic from the NAT IP address to
the inside host, just as you did for term svcs. Let's assume you are running
your FTP on that same host 192.168.1.11 on port 21675 on the inside host.
You should add:

ip nat inside source static tcp 192.168.1.11 21675 interface Ethernet1 21675

try that and let us know
--
inf1n1ty

Eddie Haskal
Guest
Posted: Fri Aug 08, 2003 2:34 am    Post subject: Re: Cisco 806 Config

I did that prior to reading your note... I can connect on 21675, but cannot
spawn a passive connection back to acquire the directory listing... Seems it
won't allow ports needed to connect back to pass through... how do I pass
ports 1023 and greater to 192.168.1.11 when 21675 connects?

TIA


New config:

!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname "Cisco"
!
!
no ip subnet-zero
!
ip dhcp pool crwstest
 origin ipcp
!
!
!
interface Ethernet0
 ip address 192.168.1.2 255.255.255.0
 ip nat inside
 ip dhcp relay information trusted
 no cdp enable
 hold-queue 32 in
 hold-queue 100 out
!
interface Ethernet1
 ip address dhcp client-id Ethernet1
 ip nat outside
 no cdp enable
!
ip nat inside source list 102 interface Ethernet1 overload
ip nat inside source static tcp 192.168.1.11 3389 interface Ethernet1 3389
ip nat inside source static tcp 192.168.1.11 21675 interface Ethernet1 21675
ip classless
ip http server
!
! Clear Access-List 23 for reconfigure
no access-list 23
!
access-list 23 permit 192.168.1.0 0.0.0.255
!
! Allow my Intranet to be able to talk to the world
!
! Clear Access-List 100 for reconfigure
!
no access-list 100
!
access-list 100 permit ip any 192.168.1.0 0.0.0.255
!
! FTP Server initial setup - Incoming FTP request
!
access-list 100 permit tcp any gt 1023 host 192.168.1.11 eq 21675 log
!
! Data channel creation for incoming FTP request, passive mode
!
access-list 100 permit tcp any gt 1023 host 192.168.1.11 gt 1023 log
!
! FTP Server initial setup - Response to outgoing request
!
access-list 100 permit tcp any eq 21675 192.168.1.0 0.0.0.255 gt 1023 established log
!
! Data channel responses for outgoing FTP request, passive mode
!
access-list 100 permit tcp any gt 1023 192.168.1.0 0.0.0.255 gt 1023 established log
!
access-list 100 permit ip any any
!
! Clear Access-List 101 for reconfigure
!
no access-list 101
! FTP Server initial setup - Response to incoming request
!
access-list 101 permit tcp host 192.168.1.11 eq 21675 any gt 1023 established log
!
! Data channel responses for incoming FTP request, passive mode
!
access-list 101 permit tcp host 192.168.1.11 gt 1023 any gt 1023 established log
!
! FTP Server initial setup - Outbound FTP request
!
access-list 101 permit tcp 192.168.1.0 0.0.0.255 gt 1023 any eq 21675 log
!
! Data channel creation for outgoing FTP request, passive mode
!
access-list 101 permit tcp 192.168.1.0 0.0.0.255 gt 1023 any gt 1023 log
!
!
access-list 101 permit ip any any
no cdp run
!
line con 0
 exec-timeout 120 0
 login
 stopbits 1
line vty 0 4
 exec-timeout 120 0
 login local
 length 0
!
scheduler max-task-time 5000
end
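
Added example, not part of the original posts: a Python check that cross-references `permit tcp ... host` ACL entries against the `ip nat inside source static` lines, which is the gap inf1n1ty's reply describes and which the `gt 1023` data-channel entry still shows in the new config. The two excerpts are constructed from the posted configs, the function names are hypothetical, and reading an ACL entry's inside host and port as the intended inbound target is a simplifying assumption.

```python
import re

# Constructed excerpt of the first posted config (wrapped lines rejoined).
ORIGINAL = """\
ip nat inside source list 102 interface Ethernet1 overload
ip nat inside source static tcp 192.168.1.11 3389 interface Ethernet1 3389
access-list 100 permit tcp any gt 1023 host 192.168.1.11 eq 21675 log
access-list 100 permit tcp any gt 1023 host 192.168.1.11 gt 1023 log
"""
# Same excerpt with the static mapping from the reply added.
UPDATED = ORIGINAL + (
    "ip nat inside source static tcp 192.168.1.11 21675 interface Ethernet1 21675\n"
)

STATIC_RE = re.compile(
    r"ip nat inside source static tcp (\S+) (\d+) interface \S+ (\d+)$")


def static_ports(config):
    """Map inside host -> sorted inside ports that have a static TCP entry."""
    ports = {}
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            ports.setdefault(m.group(1), []).append(int(m.group(2)))
    return {host: sorted(p) for host, p in ports.items()}


def take_addr(tok):
    """Consume an ACL address: 'any', 'host A' or 'A WILDCARD'."""
    first = tok.pop(0)
    if first == "any":
        return ("any", None)
    if first == "host":
        return ("host", tok.pop(0))
    return ("net", (first, tok.pop(0)))


def take_port(tok):
    """Consume an optional port spec: eq/gt/lt P, or range A B."""
    if tok and tok[0] in ("eq", "gt", "lt"):
        return (tok.pop(0), int(tok.pop(0)))
    if tok and tok[0] == "range":
        tok.pop(0)
        return ("range", (int(tok.pop(0)), int(tok.pop(0))))
    return None


def port_matches(port, spec):
    """True when a single port falls inside the ACL port spec."""
    if spec is None:
        return True
    op, val = spec
    if op == "range":
        return val[0] <= port <= val[1]
    return {"eq": port == val, "gt": port > val, "lt": port < val}[op]


def spec_text(spec):
    if spec is None:
        return "any port"
    if spec[0] == "range":
        return f"range {spec[1][0]} {spec[1][1]}"
    return f"{spec[0]} {spec[1]}"


def host_permits(config):
    """Yield (acl, host, port_spec) for new-connection permits to one host."""
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] != ["access-list"] or tok[2:4] != ["permit", "tcp"]:
            continue
        acl, rest = tok[1], tok[4:]
        try:
            take_addr(rest)              # source address
            take_port(rest)              # source port, if present
            kind, host = take_addr(rest)
            spec = take_port(rest)
        except (IndexError, ValueError):
            continue                     # malformed entry: skip it
        if kind == "host" and "established" not in rest:
            yield acl, host, spec


def audit(config):
    """Return permits whose target has no (or only partial) static NAT cover."""
    mapped = static_ports(config)
    findings = []
    for acl, host, spec in host_permits(config):
        hits = [p for p in mapped.get(host, []) if port_matches(p, spec)]
        if spec and spec[0] == "eq" and hits:
            continue                     # single port with a static entry
        findings.append((acl, host, spec_text(spec), hits))
    return findings


if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("updated", UPDATED)):
        for acl, host, spec, hits in audit(cfg):
            print(f"{name}: ACL {acl} permits {host} {spec}; static NAT ports: {hits}")
```

Each finding lists the ports in the permitted range that do have a static entry; everything else in that range is permitted by the list but has no translation to the inside host.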


Eddie Haskal
Guest
Posted: Fri Aug 08, 2003 5:06 am    Post subject: Re: Cisco 806 Config

I got it working now.



Eddie Haskal
Guest
Posted: Fri Aug 08, 2003 5:13 am    Post subject: Re: Cisco 806 Config

If I want to restrict access to 5 remote ip addresses... can I simply create
a name list that I can compare to in regards to allowing access or do I need
to type in multiple lines per ip etc?

Can I simply create another access list or names list and within that names
list simply key in ip addresses that I want to allow access to my FTP
server?

TIA


inf1n1ty
Guest
Posted: Fri Aug 08, 2003 7:29 am    Post subject: Re: Cisco 806 Config

you could do something like:

access-list 100 permit tcp host remote.ip.address gt 1023 host your.external.ip.address eq 21675 log

with remote.ip.address of each of the external addresses you want to allow in
--
inf1n1ty


Eddie Haskal
Guest
Posted: Fri Aug 08, 2003 9:02 am    Post subject: Re: Cisco 806 Config

So, if I had 50 ftp users all from different networks, I would need 50 line
filters?

Is there a way to have a names list or something and then have the access
lists refer to the names list that would contain just ip addresses???



inf1n1ty
Guest
Posted: Sat Aug 09, 2003 7:13 am    Post subject: Re: Cisco 806 Config

No. You can use networks and subnet masks. If you have 50 individual IPs,
that's a 50-line access list.

--
inf1n1ty
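
Added example, not code from the thread: a Python generator for the per-source entries discussed above, which collapses the listed addresses into networks with wildcard masks so the list is only as long as the address plan requires. The addresses are constructed documentation-range values, `build_acl` and `source_spec` are hypothetical helpers, the source port `gt 1023` follows the thread's own inbound entries, and the closing `deny` line is an assumption added so that a later `permit ip any any` does not admit every other source.

```python
import ipaddress

# Constructed sample input: allowed remote sources (documentation ranges).
ALLOWED = [
    "198.51.100.8", "198.51.100.9", "198.51.100.10", "198.51.100.11",
    "192.0.2.0/28",
    "192.0.2.5",          # already covered by 192.0.2.0/28
    "198.51.100.200",
]
EXTERNAL_IP = "203.0.113.10"   # placeholder for the router's outside address


def source_spec(net):
    """Render a source in extended-ACL form: 'host A' or 'A WILDCARD'."""
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    # hostmask is the inverse of the netmask, i.e. the IOS wildcard mask
    return f"{net.network_address} {net.hostmask}"


def build_acl(sources, external_ip, port=21675, acl=100):
    """Return ACL lines permitting only `sources` to external_ip:port."""
    # Strict parsing: an entry such as "198.51.100.9/24" raises ValueError
    # instead of silently widening the allow-list to the whole /24.
    nets = [ipaddress.IPv4Network(s) for s in sources]
    dst = f"host {ipaddress.IPv4Address(external_ip)} eq {port}"
    lines = [
        f"access-list {acl} permit tcp {source_spec(n)} gt 1023 {dst} log"
        # collapse_addresses merges adjacent blocks and drops covered ones
        for n in ipaddress.collapse_addresses(nets)
    ]
    # Assumption: explicit deny for every other source on this port.
    lines.append(f"access-list {acl} deny tcp any {dst} log")
    return lines


if __name__ == "__main__":
    print("\n".join(build_acl(ALLOWED, EXTERNAL_IP)))
```

Entries are evaluated top-down, so these lines have to be entered ahead of the list's `permit ip any any`. The posted configs contain no `ip access-group` line, so the list filters nothing until it is applied to an interface.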


All times are GMT